# =============================================================================
# Nginx deployment configuration
# Namespace: cpte-wms
# =============================================================================

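---
# 1. ConfigMap: holds the nginx.conf that the nginx Deployment mounts over
#    /etc/nginx/nginx.conf.
apiVersion: v1
kind: ConfigMap
metadata:
  name: nginx-conf
  namespace: cpte-wms
  annotations:
    kubesphere.io/creator: admin
    kubesphere.io/description: Nginx 配置文件
data:
  nginx.conf: |
    worker_processes 1;

    events {
        worker_connections 1024;
    }

    http {
        include mime.types;
        default_type application/octet-stream;
        sendfile on;
        keepalive_timeout 65;
        charset utf-8;

        # Keep the nginx version out of the Server header and error pages.
        server_tokens off;

        # Gzip defaults. The server block below sets gzip_buffers,
        # gzip_comp_level and gzip_types again, and those values win there.
        gzip on;
        gzip_static on;
        gzip_buffers 4 16k;
        gzip_comp_level 5;
        gzip_types text/plain application/javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png;

        server {
            # Plain HTTP only; no TLS listener is defined in this file.
            listen 80;
            listen [::]:80;
            server_name 101.35.253.46;

            # Gzip settings for this server.
            gzip_min_length 1k;
            gzip_buffers 4 16k;
            gzip_comp_level 3;
            gzip_types text/plain application/javascript application/x-javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png;
            gzip_vary on;
            gzip_disable "MSIE [1-6]\.";

            # Reject OPTIONS requests. This also refuses CORS preflight
            # requests, so cross-origin API calls that need one will fail.
            if ($request_method ~* OPTIONS) {
                return 403;
            }

            # Front-end static files, with index.html as the fallback for
            # client-side routes.
            # NOTE(review): the X-Frame-Options / frame-ancestors headers
            # are set only in the proxy locations below, so the HTML
            # document served from here carries no framing policy.
            location / {
                root /html/dist;
                # The final try_files argument is the fallback URI. The
                # earlier trailing "last" (a rewrite flag, not a try_files
                # option) was taking that role; it is dropped so that
                # /index.html is the fallback.
                try_files $uri $uri/ /index.html;
                index index.html;
                expires -1;
                # Stop browsers from MIME-sniffing the static assets.
                add_header X-Content-Type-Options "nosniff";
            }

            # Back-end "system" service.
            location /cpte-wms/ {
                proxy_pass http://cpte-wms-system:8000/cpte-wms/;
                proxy_redirect off;

                # Forwarded request headers.
                # X-Forwarded-For is the client-supplied value with
                # $remote_addr appended, so only the last entry is written
                # by this proxy; the earlier entries are caller-controlled.
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Real-IP $remote_addr;
                # Host is passed through exactly as the client sent it.
                # NOTE(review): confirm the back end does not build links
                # or make trust decisions from this value.
                proxy_set_header Host $http_host;

                # Disable caching.
                expires -1;

                # Security headers. Without the "always" parameter nginx
                # leaves these off most error responses.
                # NOTE(review): this line emits an extra Set-Cookie header
                # of its own; it does not add HttpOnly/Secure to the
                # cookies issued by the upstream. proxy_cookie_flags
                # (nginx 1.19.3+) is the directive for that, and Secure
                # only suits a site reached over HTTPS, while this server
                # block listens on plain port 80.
                add_header Set-Cookie "Path=/; HttpOnly; Secure";
                add_header X-Content-Type-Options "nosniff";
                # Legacy header; current browsers no longer act on it.
                add_header X-XSS-Protection "1; mode=block";
                # ALLOW-FROM is obsolete and ignored by current browsers;
                # the frame-ancestors policy below is what they enforce.
                add_header X-Frame-Options "ALLOW-FROM 101.35.253.46";
                # NOTE(review): the source has no scheme or port. Confirm
                # it matches the origin that actually embeds these pages.
                add_header Content-Security-Policy "frame-ancestors 101.35.253.46";
            }

            # Back-end "basic" service. Same header set as /cpte-wms/; the
            # review notes written there apply here as well.
            location /cpte-wms-basic/ {
                proxy_pass http://cpte-wms-basic:8001/cpte-wms-basic/;
                proxy_redirect off;

                # Forwarded request headers.
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header Host $http_host;

                # Disable caching.
                expires -1;

                # Security headers.
                add_header Set-Cookie "Path=/; HttpOnly; Secure";
                add_header X-Content-Type-Options "nosniff";
                add_header X-XSS-Protection "1; mode=block";
                add_header X-Frame-Options "ALLOW-FROM 101.35.253.46";
                add_header Content-Security-Policy "frame-ancestors 101.35.253.46";
            }

            # Back-end "inbound" service. Same header set as /cpte-wms/;
            # the review notes written there apply here as well.
            location /cpte-wms-inbound/ {
                proxy_pass http://cpte-wms-inbound:8002/cpte-wms-inbound/;
                proxy_redirect off;

                # Forwarded request headers.
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header Host $http_host;

                # Disable caching.
                expires -1;

                # Security headers.
                add_header Set-Cookie "Path=/; HttpOnly; Secure";
                add_header X-Content-Type-Options "nosniff";
                add_header X-XSS-Protection "1; mode=block";
                add_header X-Frame-Options "ALLOW-FROM 101.35.253.46";
                add_header Content-Security-Policy "frame-ancestors 101.35.253.46";
            }

            # Health-check endpoints polled by the Deployment's probes.
            # default_type sets the Content-Type of the literal body;
            # add_header Content-Type would send a second Content-Type
            # header next to the inherited application/octet-stream one.
            location /health {
                default_type text/plain;
                return 200 'OK';
            }

            location /ready {
                default_type text/plain;
                return 200 'Ready';
            }
        }
    }
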
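---
# 2. Deployment: one nginx replica that serves the front end and proxies the
#    back-end services, configured by the nginx-conf ConfigMap.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx
  namespace: cpte-wms
  labels:
    app: nginx
  annotations:
    kubesphere.io/description: "WEB服务"
spec:
  replicas: 1
  # Bring the new pod up before the old one is removed.
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 0
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
        version: v1
      annotations:
        # NOTE(review): the mounted nginx.conf defines no metrics location,
        # so a scrape of port 80 would presumably fall through to the
        # front-end location; confirm an exporter exists or drop these.
        prometheus.io/scrape: "true"
        prometheus.io/port: "80"
    spec:
      # nginx does not call the Kubernetes API, so no service-account token
      # is mounted into the pod.
      automountServiceAccountToken: false
      securityContext:
        # Apply the container runtime's default seccomp filter.
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: nginx
          # Pinned by tag, not digest: with IfNotPresent a node keeps
          # whatever it first cached under this tag.
          # NOTE(review): nginx.conf serves /html/dist and no volume
          # provides that path, so it presumably comes from this image;
          # confirm where the tag is built and consider pinning it as
          # image@sha256:<digest-placeholder>.
          image: docker.io/library/nginx:1.0
          imagePullPolicy: IfNotPresent
          securityContext:
            # Block setuid/file-capability privilege gain in the container.
            # NOTE(review): the container still starts as whatever user the
            # image defines; dropping capabilities or running as non-root
            # needs testing against this image and the port-80 listener.
            allowPrivilegeEscalation: false
          ports:
            - name: http
              containerPort: 80
              protocol: TCP
          resources:
            requests:
              cpu: "50m"
              memory: "64Mi"
            limits:
              cpu: "500m"
              memory: "256Mi"
          # /health and /ready are answered by nginx itself (static 200
          # responses in nginx.conf), so these probes do not exercise the
          # back-end services.
          livenessProbe:
            httpGet:
              path: /health
              port: 80
            initialDelaySeconds: 10
            periodSeconds: 10
            timeoutSeconds: 5
            failureThreshold: 3
          readinessProbe:
            httpGet:
              path: /ready
              port: 80
            initialDelaySeconds: 5
            periodSeconds: 5
            timeoutSeconds: 3
            failureThreshold: 3
          # Up to 30 attempts, 5 seconds apart, before the container is
          # treated as failed to start.
          startupProbe:
            httpGet:
              path: /health
              port: 80
            initialDelaySeconds: 0
            periodSeconds: 5
            timeoutSeconds: 3
            failureThreshold: 30
          volumeMounts:
            # Single-file mount of the ConfigMap key. A subPath mount is
            # not refreshed when the ConfigMap changes; the pod has to be
            # restarted to pick up a new nginx.conf.
            - name: nginx-conf
              mountPath: /etc/nginx/nginx.conf
              subPath: nginx.conf
              readOnly: true
            - name: nginx-cache
              mountPath: /var/cache/nginx
            # NOTE(review): this mount replaces the image's /var/log/nginx.
            # If the image follows the official nginx layout (log files
            # symlinked to stdout/stderr), access and error logs will land
            # in this emptyDir instead of the container log stream and are
            # lost when the pod is removed; confirm how they are collected.
            - name: nginx-log
              mountPath: /var/log/nginx
      volumes:
        - name: nginx-conf
          configMap:
            name: nginx-conf
            items:
              - key: nginx.conf
                path: nginx.conf
        # Scratch volumes with no sizeLimit set.
        - name: nginx-cache
          emptyDir: {}
        - name: nginx-log
          emptyDir: {}
      restartPolicy: Always
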
---
# 3. Service: publishes the pods labelled app=nginx on a fixed node port.
apiVersion: v1
kind: Service
metadata:
  name: nginx-service
  namespace: cpte-wms
  labels:
    app: nginx
spec:
  # NodePort opens port 30575 on every node of the cluster, so any address
  # that reaches a node reaches this plain-HTTP listener; restrict it at the
  # network edge if that is wider than intended.
  type: NodePort
  selector:
    app: nginx
  sessionAffinity: None
  # With Cluster, a node may forward the connection to a pod on another node
  # and rewrites the source address on the way, so nginx can see a node
  # address in $remote_addr (and pass it on as X-Real-IP) rather than the
  # client's. Keep that in mind when reading access logs.
  externalTrafficPolicy: Cluster
  ports:
    - name: nginx
      protocol: TCP
      port: 80
      targetPort: 80
      nodePort: 30575